Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-17624

SSK cannot be set up on a FIPS-enabled client

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0
    • Lustre 2.16.0
    • 3
    • 9223372036854775807

    Description

      When trying to setup SSK on a FIPS enabled client we get:

      # lgss_sk -t client -m /ssk_dir/testfs.server.key
Generating DH parameters, this can take a while...
error: cannot generate DH parameters

      Adding more debug traces, we can see:

      error:050C90CA:Diffie-Hellman routines:DH_generate_parameters_ex:non FIPS method

      In FIPS mode, only certain crypto methods are allowed.

      Attachments

        Activity

          [LU-17624] SSK cannot be set up on a FIPS-enabled client
          pjones Peter Jones added a comment -

          Merged for 2.16

          pjones Peter Jones added a comment - Merged for 2.16
          gerrit Gerrit Updater added a comment -

          "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54314/
          Subject: LU-17624 ssk: support FIPS mode on client
          Project: fs/lustre-release
          Branch: master
          Current Patch Set:
          Commit: 5dc91df283fb5a7030b384f224085d73268dcca5

          gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54314/ Subject: LU-17624 ssk: support FIPS mode on client Project: fs/lustre-release Branch: master Current Patch Set: Commit: 5dc91df283fb5a7030b384f224085d73268dcca5
          gerrit Gerrit Updater added a comment -

          "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/54314
          Subject: LU-17624 ssk: support FIPS mode on client
          Project: fs/lustre-release
          Branch: master
          Current Patch Set: 1
          Commit: b0c3a7595036d54ef7db277ca4fbd6c424a1921d

          gerrit Gerrit Updater added a comment - "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/54314 Subject: LU-17624 ssk: support FIPS mode on client Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: b0c3a7595036d54ef7db277ca4fbd6c424a1921d

          People

            sebastien Sebastien Buisson
            sebastien Sebastien Buisson
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: